Placement of Encryption Function (CPSC415 Biometrics and Cryptography, v0.0)

The KDC generates a random session key R1 to be shared between Alice and Bob. It encrypts R1 using Alice's key KA-KDC that she shares only with the KDC. It sends this encrypted message to Alice. It also encrypts R1 using Bob's key KB-KDC that he shares only with the KDC and sends this to Bob. Now both Alice and Bob can decrypt the messages from the KDC to obtain the shared session key R1, which they can then use to communicate securely with symmetric encryption.


Placement of Encryption Function

Lecture 3

v0.0 CPSC415 Biometrics and Cryptography 1


Points of Vulnerability

• Adversary can eavesdrop from a machine on the same LAN
• Adversary can eavesdrop by dialing into
communication server
• Adversary can eavesdrop by gaining
physical control of part of external links
– twisted pair, coaxial cable, or optical fiber
– radio or satellite links

Confidentiality using Symmetric Encryption
• there are two major placement alternatives
• link encryption
– encryption occurs independently on every link
– all traffic over all communication links is secured
– traffic must be decrypted at every switch, because the
switch must read the address in the packet header
– each pair of nodes shares a unique key, with a
different key used on each link: many keys
– the message is vulnerable (in clear) at each switch
– on a public network, the user has no control over the
security of the nodes



Confidentiality using Symmetric Encryption
• end-to-end encryption
– encryption occurs between the original source and
the final destination
– needs devices at each end with shared keys
– secures the transmission against attacks on the
network links or switches
– the “end-to-end principle”
– what part of each packet will the host encrypt?
Header or user data?
– gives a degree of authentication: only the alleged sender
shares the relevant key

Placement of Encryption

• the encryption function can be placed at various
layers of the OSI Reference Model
– link encryption occurs at layers 1 or 2
– end-to-end encryption can occur at layers 3, 4, 6, 7
• if encryption is moved toward a higher layer
– less of each packet is encrypted, but what is encrypted
is more secure (it stays protected across more of the path)
– application-layer encryption is more complex, since there
are more entities and more keys are needed



Scope of Encryption



Traffic Analysis
• is monitoring of communications flows
between parties
– useful both in military & commercial spheres
– can also be used to create a covert channel
• link encryption obscures header details
– but overall traffic volumes in the network and at
end-points are still visible
• traffic padding can further obscure flows
– but at cost of continuous traffic



Traffic Analysis
• when using end-to-end encryption must
leave headers in clear
– so network can correctly route information
• hence although contents protected,
traffic pattern flows are not
• ideally want both at once
– end-to-end protects data contents over
entire path and provides authentication
– link protects traffic flows from monitoring



Key Distribution Center



Symmetric Cryptographic System

[Figure: Alice encrypts plaintext M under key K to produce ciphertext C; C crosses the network to Bob, who decrypts it with the same K; the key K reaches Bob over a secure channel; Eve applies cryptanalysis to C in an attempt to recover M.]
• Alice: sender
• Bob: receiver
• Eve: eavesdropper / Oscar : opponent
• Alice and Bob are the celebrities in cryptography.

• Ciphertext C = E_K(M); Plaintext M = E_K^(-1)(C), i.e. decryption under the same key K


• One of the greatest difficulties: key management
• Algorithms: DES, CAST, IDEA, RC2/4/5 (Rivest’s Code), AES, …



Symmetric Key Management
• Each pair of communicating entities needs a shared key
– Why?
– For an n-party system there are n(n-1)/2 distinct keys in the system,
and each party must maintain n-1 distinct keys.
• How to reduce the number of shared keys in the system
– Centralized key management
– Public keys
[Figure: pairwise keys K1 to K10 drawn between the parties of a fully meshed group.]



Centralized Key Management
[Figure: an online central server holds keys K1 and K2, one shared with Alice and one with Bob; a session key is delivered to Alice and Bob through the server.]

• Only n keys, instead of n(n-1)/2 in the system.


• The central server may become the single point of failure of the
entire system, and its performance bottleneck.



Key Distribution

• symmetric schemes require both parties to share a common secret key
• issue is how to securely distribute
this key
• secure systems often fail because of a break in
the key distribution scheme



Key Distribution
• given parties A and B have various
key distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use
previous key to encrypt a new key
4. if A & B have secure communications with a
third party C, C can relay key between A & B



Key Distribution Scenario



Key Distribution Issues
• hierarchies of KDCs are required for large
networks, but the KDCs must trust each other
• session key lifetimes should be limited
for greater security
• controlling the purposes keys are used for
– lots of keys to keep track of
– binding management information to key



Key Distribution Center (KDC)

Q: How does the KDC allow Bob and Alice to determine a shared
symmetric secret key to communicate with each other?

[Figure: the KDC exchange, with KX-KDC(...) denoting encryption under the key X shares with the KDC]
1. Alice → KDC: KA-KDC(A,B)
2. KDC generates R1 and replies to Alice: KA-KDC(R1, KB-KDC(A,R1))
3. Alice now knows R1 and forwards KB-KDC(A,R1) to Bob
4. Bob decrypts it with KB-KDC and knows to use R1 to communicate with Alice

Alice and Bob communicate using R1 as the
session key for shared symmetric encryption.
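The KDC exchange above, and the "only n keys in the system" point from the Centralized Key Management slide, simulated as an added example (not code from the lecture). The slides do not name a cipher, so `enc`/`dec` are an assumed stand-in built from HMAC-SHA256 in counter mode with a tag; the message encodings, the `KDC` class and `run_exchange` are constructed here.

```python
import hashlib
import hmac
import json
import os

# Toy authenticated encryption from HMAC-SHA256 (assumption: stand-in for the
# unspecified cipher the slides write as KX-KDC(...)); illustration only.
def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def enc(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def dec(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

class KDC:
    """Holds one long-term key per party: n keys for n parties, not n(n-1)/2."""
    def __init__(self):
        self.keys = {}
    def register(self, name: str) -> bytes:
        self.keys[name] = os.urandom(32)  # KA-KDC, KB-KDC, ... (constructed)
        return self.keys[name]
    def handle_request(self, sender: str, blob: bytes) -> bytes:
        a, b = json.loads(dec(self.keys[sender], blob))   # open KA-KDC(A,B)
        if a != sender:
            raise ValueError("request must name the party whose key opened it")
        r1 = os.urandom(32)                               # fresh session key R1
        ticket = enc(self.keys[b], json.dumps([a, r1.hex()]).encode())  # KB-KDC(A,R1)
        return enc(self.keys[a], json.dumps([r1.hex(), ticket.hex()]).encode())

def run_exchange():
    kdc = KDC()
    ka, kb = kdc.register("Alice"), kdc.register("Bob")
    reply = kdc.handle_request("Alice", enc(ka, json.dumps(["Alice", "Bob"]).encode()))
    r1_hex, ticket_hex = json.loads(dec(ka, reply))       # Alice learns R1 and the ticket
    r1_alice = bytes.fromhex(r1_hex)
    peer, r1_bob_hex = json.loads(dec(kb, bytes.fromhex(ticket_hex)))  # Bob opens ticket
    r1_bob = bytes.fromhex(r1_bob_hex)
    msg = dec(r1_bob, enc(r1_alice, b"hello Bob"))         # session traffic under R1
    return r1_alice == r1_bob, peer, msg
```

Note that Bob never talks to the KDC: the ticket KB-KDC(A,R1) is opaque to Alice, so only Bob's long-term key can open it, which is what binds R1 to the pair (A, B).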
